Deepfake
What is Deepfake?
DeepfakeSynthetic audio, image, or video media generated by AI to convincingly depict a real person saying or doing something they did not.
Deepfakes use generative models — GANs, diffusion models, and neural voice-cloning systems — to swap faces, clone voices, or fabricate whole scenes. The term dates to a 2017 Reddit user who released face-swapped videos; the underlying autoencoder/GAN technique pairs an encoder that compresses a face with decoders trained to reconstruct a target, while modern voice clones need only seconds of reference audio. Quality has improved fast enough that real-time video deepfakes drove the January 2024 Arup fraud in Hong Kong, where attackers populated a video call with deepfaked colleagues, including a fake CFO, and convinced an employee to authorise 15 transfers totalling roughly HK$200 million (≈USD 25 M).
Deepfakes also power vishing, sextortion, election disinformation, non-consensual intimate imagery, and identity-verification (KYC) bypass via injected synthetic video. Defences are layered: technical detection (liveness/anti-spoofing checks, deepfake classifiers, and provenance signing via the C2PA Content Credentials standard backed by the Coalition for Content Provenance and Authenticity); procedural controls (out-of-band call-backs on a known number, dual approval and codewords for large transfers); and legal regimes such as the EU AI Act, whose Article 50 transparency duties require labelling AI-generated content. Detection alone is brittle and degrades as generators improve, so process controls remain the most reliable safeguard.
flowchart LR
A[Reference photos/audio<br/>of target] --> B[Train GAN /<br/>diffusion / voice clone]
B --> C[Synthetic video or voice]
C --> D[Fraudulent video call<br/>or voicemail]
D --> E{Victim verifies<br/>out-of-band?}
E -->|No call-back| F[Funds wired - fraud succeeds]
E -->|Codeword + known number| G[Request rejected]
C -.C2PA provenance.-> H[Content Credentials<br/>flag synthetic media]● Examples
- 01
A video-call deepfake of an executive instructing finance staff to wire funds to a fraudulent account.
- 02
A cloned voice of a CEO leaving a voicemail asking an employee to bypass approval workflows.
● Frequently asked questions
What is Deepfake?
Synthetic audio, image, or video media generated by AI to convincingly depict a real person saying or doing something they did not. It belongs to the AI & ML Security category of cybersecurity.
What does Deepfake mean?
Synthetic audio, image, or video media generated by AI to convincingly depict a real person saying or doing something they did not.
How do you defend against Deepfake?
Defences for Deepfake typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Deepfake?
Common alternative names include: AI-generated impersonation, Synthetic media impersonation.